Overview

overview

7

Static

static

7

60940e500d...18.exe

windows7-x64

7

60940e500d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    21/07/2024, 12:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    60940e500dc37c11714fc33a6f1905d1_JaffaCakes118.exe

  • Size

    239KB

  • MD5

    60940e500dc37c11714fc33a6f1905d1

  • SHA1

    6b3c32fb50e4592f7cd8d64040472424d3c1a684

  • SHA256

    f6aad7ac0bf022c1cec0036c9ffac1b1a05174eab461d7be4dc47dc6dcee33e3

  • SHA512

    3345ccd93e3870aefededb47ca5993e4a2389f987f9a2db0d7d2de89bb183c4dba9c4d2d68913adf4996035f91e4f69bd5001418aaca381c6bfb87cccf64e623

  • SSDEEP

    6144:ZUXAXug1hQJeftkumJb0UGy9m2H0etYnXx0e2:ZyFggolkuxJ0f22e2

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60940e500dc37c11714fc33a6f1905d1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\60940e500dc37c11714fc33a6f1905d1_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\www.he-collection.net.exe
      "C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\www.he-collection.net.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.he-collection.net/member/exe_contact.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          398664f73e2b82fa33ff3fb3d7b2a64a

          SHA1

          1fb70c4eb472e3c3e7c54217183bbd4ba4dbc22c

          SHA256

          2c61b6de38f0ce2e24620a6b7b290098bcb9864c7468768d1df41ff834794b93

          SHA512

          6e77c56cd7c77bda19f8d7b2fb4f77604719f20f89707b19086c5582b53dbfee08dcc5c4af89c4db821ae9ac4889bf8956ed6927b3f8c529d9053e139e2ef5fe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bffbc6c05ffc9f01b64a0fdd9b1aaa45

          SHA1

          f6636d4fc5979c76d10b25e0ac051470145de786

          SHA256

          36792ad2959ba2fad28e7e5655c283ed5124f7204354f489b7e4a1a5545a6d10

          SHA512

          17cdee994092d902cdec1fefd5795e8794d6ce026542ffb071addc4e0d20bee0554f7ef21c49ca282be03b49d003b09393968386ae085bec8d25569ed0a4bd9d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9a6d00639f25671dfffaab3554717603

          SHA1

          7cffeebf1bb79d10efddef19983a8d444e6a0960

          SHA256

          88280a3cbef7e9b0019f469b4c70aad379e8740caa57d47359dee5066ecebc79

          SHA512

          f11f939ab9b9bde433f4551796957ddb197e554c8397f1fb17e7ad7f97a8ca133ec12df33b0ee0454912f2801c49e1c012d62e5a89fb5df7fccdd038f3024ed9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4785f5da1daa3259083bca6ecda95c37

          SHA1

          0d4e6f296ec53f09cc6f0261713a8392880cc699

          SHA256

          762300c14b7f5dac5ecc3b53b074fe4a7a1c483ef615cd8dc8214bfeeef79973

          SHA512

          e3f3fcf0143da5cbe7e7a9a021fd368fcc0634f701432ddeb601e41660d91e37075f4c468f5169471c4983880abc9a927020851ea7365d0e384f54f83bb7c91b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e23582214486e832ecf767e8eef3a999

          SHA1

          1a9d42fb1ec37eb8f5ef5ed5ef6e8a6a64226d35

          SHA256

          a87b2fd07946e88bd16534a09a50281c365f81388c5044986f73649bf3faf019

          SHA512

          829e1cf8a73ea8a4640017e67f360e1b4d2cc1fd4530a4794c1425814ba71b7312c0ede454bdecb65485ba2b4111d30fe1e33e30bf4a632b1fb46c89faa4a412

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          21a1dca82f8f1045d55c2714cc1a7d3a

          SHA1

          189c05c1b1949ceb107825c6c3309492b0377907

          SHA256

          4ddc832636143d93d471a89ba488633de9416f49d2f850510afd7fcfba8b5b99

          SHA512

          0764a66fe7d3cab816ca8677ecc3e1bbc93d491eaf55d04c8aeccc6fefc165357c6eb2630a1e24f2486a5b8c607b3fc51788662706dab76893262057447fa9fd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b453ce909b2cc1740a7513e1bfb157ea

          SHA1

          06ba48769400138a809a0dac7e35545ea2bf62f8

          SHA256

          72ef23a750ce48057f8d53366cedbb0876dcac7c8e86ad015a1b9062b8b955d6

          SHA512

          427bf44601becdd565dfba45867acc8078250e5c4af9f38e71108de4bf6b96cad7b8d0b295fc96f327239d582f225f853bcfaf7573590d0093a24b628ccb18e6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b204709d86a15771bba82c221365e09f

          SHA1

          f0a051771a63eeb12b410d20652c1ec9f3d6b48c

          SHA256

          136e1784abae159b504780c1458347f37e4a8d3a00d276d3f65e24924f48e767

          SHA512

          95b2f74fac8c0f56472c7b9767aa52f9030d585556bd51a36d590064560d110ff4b40c66eecedc1d5cd2d79192475b2ccf08db13d09b729596dbb0317bc4da56

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          54b681497234c6d9eb00a3c3d5ee70ed

          SHA1

          926c39e5a9d4f5122cefc882546d994a1ded3d0d

          SHA256

          366de9661539001313be9a39463357151faf9dda55e63a27357ecf11322bb3ac

          SHA512

          f3c568315fdac60c5f669026389a7a1f2ac3aa2459ba8d98b3d3295ec82f1d63046dfc2c7f42c4c0a43b65a375ed31eda6a8bf5f6cd32cc031599880ada5b1e6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2e8ac4c45bf32ecab5d00d3836711200

          SHA1

          a9d97ecd3c7d435bec999f973c0131929f539f3d

          SHA256

          41eeace8091f84492494755aa16b3a2d258c16aff4285c5a8239819fa4c84627

          SHA512

          0adb3f7c974c5474986e17d6765293ac873612c8cb093f688076c1373f627e8c790d45021c2295bc2925252bdc059a0ef6666f122864546227c8a0cd5876d6f3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bc575fc4430635a4af9538a1b029521e

          SHA1

          b68a4c8eff7accc632cbc61308b308f1c95b4d72

          SHA256

          8ccc03e0bd68fb15684ca0082701320607ba68429b7bf6bc0c208a1888a22544

          SHA512

          6006c3c219e07c3e0834bca67f002ee0f66c9392a36e34687aa70e0915f2defe10b4c917565395a714ab3a877e1e56f1a0cf692a7a81ef2846265d2597f52e1f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a51a09c7c33971ae182ee62f7090c375

          SHA1

          31f23ccd27728619887ba6e180e74729df516de3

          SHA256

          924a2c98738a875b5e41421587f98dd1a7e01124fdc009689fee09a87b022a70

          SHA512

          a9be171483f07b4348d64a2c07b9c3a1274eb88fe144ed74d53a3d4d3f9cf75be2734cc8220cd235815f635ae7b1d3527b2232e8dae2b2ae3597f5cdd9f421f6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabDC00.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarDC32.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \Users\Admin\AppData\Roaming\Adobe\Flash Player\www.he-collection.net.exe
          Filesize

          239KB

          MD5

          60940e500dc37c11714fc33a6f1905d1

          SHA1

          6b3c32fb50e4592f7cd8d64040472424d3c1a684

          SHA256

          f6aad7ac0bf022c1cec0036c9ffac1b1a05174eab461d7be4dc47dc6dcee33e3

          SHA512

          3345ccd93e3870aefededb47ca5993e4a2389f987f9a2db0d7d2de89bb183c4dba9c4d2d68913adf4996035f91e4f69bd5001418aaca381c6bfb87cccf64e623

          Download Submit

        • memory/1640-1-0x0000000000400000-0x00000000007D2000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/1640-15-0x0000000003290000-0x0000000003662000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/1640-17-0x0000000000400000-0x00000000007D2000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/3068-450-0x0000000000400000-0x00000000007D2000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/3068-13-0x0000000000400000-0x00000000007D2000-memory.dmp

          Filesize

          3.8MB

          Download